Time to Punish the Kids

Week of May 6, 2000

Humane thinking teaches us to not punish our children for our own mistakes. Anyone who has children of their own, anyone who has ever worked with children, knows that children are capable of the most unbelievable pranks, and capable of seemingly unspeakable acts of cruelty. Our first reaction is not to call the police when Johnny throws chewing gum at Alice, but if the infringement is serious enough, Johnny might get taken to the rector's office. And if we ourselves are behind the breach in security that results in Johnny being able to exploit the situation and terrorize Alice, we naturally assess the blame where it belongs - on ourselves. We do our best to plug up the hole so it doesn't happen again. And then we move on.

In the world of Internet security a very weird kind of pedagogy is in effect. The 'older generation' is guilty of the most profoundly stupid thinking, and the 'kids' exploit this moronic thinking and then things happen. And we don't rush the kids off to the rector's office. Instead, we call out the S.W.A.T. teams, James Bond, MI6, the FBI, the CIA, we bring out the howitzers and grab the kid, hang him out to dry, make his arrest and concomitant trial a public spectacle - and do not do a damn thing about the hole which caused the furor in the first place.

It would seem reasonable and logical that if the wise powers that be were really interested in Internet security that they would have plugged the holes which made such exploitations possible in the first place, no matter what reaction they had to the exploitations themselves, but no. Stickan Anderson, late manager of the pop group ABBA, used to say regularly in interviews, 'people are not as dumb as you think - they're even dumber.' But even taking Stickan's aphorism in mind, that same mind must still boggle at the series of events of late and the ILOVEYOU crisis.

All of these dastardly exploits involve Microsoft operating systems and Microsoft add-on software. No one else is ever affected.

The security alerts which Microsoft themselves post at a frenetic speed should have convinced even the most die hard Redmond employee that something is very wrong.

Government agencies using Microsoft operating systems and Microsoft add-ons have totally ignored the Melissa threat and just gone on as before.

Stringing the author of Melissa out to dry does not plug the hole. This simple truth is evidently something that the wondrous FBI, the CIA, and all the corporate users of Microsoft tools world wide seem to have wanted to miss. Getting your cookies off in front of a computer monitor or a TV screen as you read the latest in the Melissa trial does not make your email more secure. They seem to have missed this too.

There is nothing extraordinary in either the Melissa exploit or the ILOVEYOU exploit. The only thing that is extraordinary about them is the gaping hole left in all computers running Microsoft products by those renowned Golden Arches of Programming, Microsoft Corporation.

And continuing down this brain-dead path only sets a bad example for the kids.